package middleware

import (
	"github.com/gogf/gf/net/ghttp"
)



// 允许接口跨域请求
func CORS(r *ghttp.Request) {
	r.Response.CORSDefault()
	r.Middleware.Next()
}


// 自定义header
func  MYHEADER(r *ghttp.Request) {
	r.Response.Header().Set("X-Frame-Options", "SAMEORIGIN")
	r.Response.Header().Set("X-Download-Options", "SAMEORIGIN")
	r.Response.Header().Set("X-Content-Type-Options", "nosniff")
	r.Response.Header().Set("X-XSS-Protection", "1; mode=block")
	r.Response.Header().Set("Strict-Transport-Security", "max-age=31536000")
	r.Response.Header().Set("Content-Security-Polic", "frame-ancestors 'self'")
	r.Response.Header().Set("X-Permitted-Cross-Domain-Policies", "master-only")
	r.Response.Header().Set("Set-Cookie", "HttpOnly,Secure")
	r.Response.Header().Set("Referrer-Policy", "value")
	r.Middleware.Next()
}